5ae0163de04e9602802feac4ad6eb7d3cc82a015131d9384336718eadd6a727b

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 09:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b7283a20425f91c3ce906bb91cc8c89b_JaffaCakes118.html
Size

15KB
MD5

b7283a20425f91c3ce906bb91cc8c89b
SHA1

192382d9b83e78719481fc39e9dca0f062f0d8b5
SHA256

5ae0163de04e9602802feac4ad6eb7d3cc82a015131d9384336718eadd6a727b
SHA512

7e3f127e5e97011b87362fb74c1ccdc15854fa639d007b0b58ed444e3741e4955869fb8274cfb6175824a5a872378b265bf7f17654d09413020076a81c6f6eda
SSDEEP

192:d1z83pwnlv/iC4YO0n7edvGdS/gmGRwMSQsW:rz83pWlqEe9G0/gmGCMSe

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1128	msedge.exe
1128	msedge.exe
1472	msedge.exe
1472	msedge.exe
1740	identity_helper.exe
1740	identity_helper.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1472 wrote to memory of 2660	1472	msedge.exe	84
PID 1472 wrote to memory of 2660	1472	msedge.exe	84
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1260	1472	msedge.exe	85
PID 1472 wrote to memory of 1128	1472	msedge.exe	86
PID 1472 wrote to memory of 1128	1472	msedge.exe	86
PID 1472 wrote to memory of 3628	1472	msedge.exe	87
PID 1472 wrote to memory of 3628	1472	msedge.exe	87
PID 1472 wrote to memory of 3628	1472	msedge.exe	87
PID 1472 wrote to memory of 3628	1472	msedge.exe	87
PID 1472 wrote to memory of 3628	1472	msedge.exe	87
PID 1472 wrote to memory of 3628	1472	msedge.exe	87
PID 1472 wrote to memory of 3628	1472	msedge.exe	87
PID 1472 wrote to memory of 3628	1472	msedge.exe	87
PID 1472 wrote to memory of 3628	1472	msedge.exe	87
PID 1472 wrote to memory of 3628	1472	msedge.exe	87
PID 1472 wrote to memory of 3628	1472	msedge.exe	87
PID 1472 wrote to memory of 3628	1472	msedge.exe	87
PID 1472 wrote to memory of 3628	1472	msedge.exe	87
PID 1472 wrote to memory of 3628	1472	msedge.exe	87
PID 1472 wrote to memory of 3628	1472	msedge.exe	87
PID 1472 wrote to memory of 3628	1472	msedge.exe	87
PID 1472 wrote to memory of 3628	1472	msedge.exe	87
PID 1472 wrote to memory of 3628	1472	msedge.exe	87
PID 1472 wrote to memory of 3628	1472	msedge.exe	87
PID 1472 wrote to memory of 3628	1472	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b7283a20425f91c3ce906bb91cc8c89b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9099546f8,0x7ff909954708,0x7ff909954718
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,13554985806255816525,6331509140595409217,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,13554985806255816525,6331509140595409217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,13554985806255816525,6331509140595409217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13554985806255816525,6331509140595409217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13554985806255816525,6331509140595409217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,13554985806255816525,6331509140595409217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,13554985806255816525,6331509140595409217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13554985806255816525,6331509140595409217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13554985806255816525,6331509140595409217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13554985806255816525,6331509140595409217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13554985806255816525,6331509140595409217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,13554985806255816525,6331509140595409217,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2736 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
e993b27a31ef5c1486d2cc448d4a43a5

SHA1
b05171622267807fc7213b5c00067558a36b5403

SHA256
dd22312807b20a4ee7d5e3bfe6598523ec52fa06fa369bd77e278afcb2703060

SHA512
81ccc57a55b71c61a328194fb7003e312cb0a1663e9cb385c94ddfc7426b9eb9a28b1b691fad0870916a258b87af68b02319348d8394688788ac1a498152a465

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d18f79790bd369cd4e40987ee28ebbe8

SHA1
01d68c57e72a6c7e512c56e9d45eb57cf439e6ba

SHA256
c286da52a17e50b6ae4126e15ecb9ff580939c51bf51ae1dda8cec3de503d48b

SHA512
82376b4550c0de80d3bf0bb4fd742a2f7b48eb1eae0796e0e822cb9b1c6044a0062163de56c8afa71364a298a39c2627325c5c69e310ca94e1f1346e429ff6ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9eb20214ae533fa98dfbfdc8128e6393

SHA1
c6b5b44c9f4fff2662968c050af58957d4649b61

SHA256
b2be14a1372115d7f53c2e179b50655e0d0b06b447a9d084b13629df7eec24ab

SHA512
58648305f6a38f477d98fcc1e525b82fc0d08fb1ab7f871d20bd2977650fa7dafa3a50d9f32e07d61bd462c294e7b651dc82b6a333752ca81682329a389ae8c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ef50af550093d3f48e4f51f03add30b3

SHA1
ad6f2e878adae1f19f8cec1d8704043036dbc4bf

SHA256
ec1d117fcad84b4d0662dba753de279f65b9addd744d81fddbf5b53c11bcb905

SHA512
1d7ed1fe1c77bbf64e79208881d26184cc07818bb6e312308c13cb51771c59435420ae3cccf6b08d52cd8a9b3d338943579411a5f5c23e23a9088bb6702e708d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
12d5aa0850b8ba9aca6e3100e4b38de3

SHA1
88b62de8b12b9dd45a79b32373d03cf1110c1097

SHA256
551e1a5ea61cefe9541bc7aa49592050978525007ee26af2c7d6241a82b9305e

SHA512
07284ba84769b4bb4ce74f7736dc8692a8b1adfe12154bfce02a03ab925ccc73c51c2914bf8fa8e36c9f31e562f95cf1a90343227a2f1f87111c6eadb7611a38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2caf476b3071d5619919dbf6861d9d73

SHA1
efcf4310744899fe509f1d5c6975689341fbfde0

SHA256
6dd376d62e15be8ba48b24b4d5f816b2bbac25e802997afdaf4b630236cdc90c

SHA512
18a5ecb0d8164fd7e3814386712a307395dff508c2344236ffbffd2dc29a31cc8084a81777c46acda766696ec2dce66f245273df3da378a7e293ac08675e258b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6be217d826ff7c4aa81d39663a38dc10

SHA1
b32f46cf12fc4821f702880382f18ef3714eec66

SHA256
754dca9404f119306b757d135efbab8856521366fe9a3961c5373dda2a57becd

SHA512
306a06b11f079ad10db885200c0bbe37b56bd9687024e18fa84cfb95663f8fb00debebb381e030d5e6c4daca8eddcf180a37668745ec4972ef732dcb0bd4296d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
127d5e386788bc0d0c5ec7143cbcefbf

SHA1
4eae0a644b71215b2788770f70cda3edcd233318

SHA256
b4e61468b54010df34ee5ad9cf04070877503161c19a06b360d7cfb5bb12fc61

SHA512
c81d4ee170bb8de7c66a1c59977b05ee711672d84858d5f9445d76df69e5c2b9914e172d54aaaf74d0c7bd0d746f304f5f15fe4991820ef47091a32e6ecd3fff

Download Submit